mike_wooskey

joined 4 months ago
sorted by: new top controversial old
[Guide] Increase privacy by using nginx as a caching proxy in front of a map tile server in c/privacy@lemmy.ml
[–] mike_wooskey@lemmy.thewooskeys.com 2 points 20 hours ago (1 children)

I just learned about OpenFreeMap. I've not done it but it touts itself as a simple way to host your own tile server. I'm assuming that your proxy would work for a self hosted tile server with a few alterations.

Gantt in linux in c/linux@lemmy.ml
[–] mike_wooskey@lemmy.thewooskeys.com 1 points 22 hours ago

I just learned about Waypoint to plan trips. Haven't looked at it yet but it sounds cool.

Blossom 10/2/24 in c/dailygames@lemmy.zip
[–] mike_wooskey@lemmy.thewooskeys.com 2 points 1 day ago* (last edited 1 day ago)

Blossom Puzzle, October 3 Letters: E G N O R S T My score: 293 points My longest word: 9 letters 💐 🌺 🌷 🌼 🏵 🌸 🌹 🌻 💮

333
PayPal opted in users to share their data. (www.404media.co)
static website generator in c/selfhosted@lemmy.world
[–] mike_wooskey@lemmy.thewooskeys.com 0 points 5 days ago

I think most of the other suggestions seem like a better solution than WordPress, but there is a plugin for WordPress that exports static websites.

Holy Hell, The Social Web Did Not Begin In 2008 in c/fediverse@lemmy.world
[–] mike_wooskey@lemmy.thewooskeys.com 8 points 1 week ago (3 children)

Applause for the term "pluriverse" (did you coin it?).

And a standing ovation for the alliterative phrase "pluriverse of protocols".

Decipher 97 in c/dailygames@lemmy.zip
Suggestions for privacy and security blog in c/privacy@lemmy.ml
[–] mike_wooskey@lemmy.thewooskeys.com 6 points 1 week ago (2 children) 
I am self hosting it right now, but mainly for friends, family and acquaintances

In addition to rants, if you post tips, how-tos, explanations, best practices, suggestions, etc., I'd like to read your blog. Can you share the URL?

Blossom in c/dailygames@lemmy.zip
[–] mike_wooskey@lemmy.thewooskeys.com 2 points 1 week ago

This is a fun game/puzzle. I got 159, longest word was 9 letters.

Selfhosted S3 compatible recommendations? in c/selfhosted@lemmy.world
[–] mike_wooskey@lemmy.thewooskeys.com 2 points 2 weeks ago

I run MiniO in Docker. Love it. I've never used Garage or Seaweed.

Having difficulty visiting an mTLS-authenticated website from GrapheneOS [SOLVED] in c/selfhosted@lemmy.world
[–] mike_wooskey@lemmy.thewooskeys.com 3 points 3 weeks ago* (last edited 3 weeks ago)

[SOLVED!] That Stack Exchange post was the solution! I had to ask ChatGPT for assistance (e.g., "how do I view the contents of a .crt and a .p12?", "how do I add a CA to a client cert?"), but it worked. Thanks for your help, @Evkob@lemmy.ca.

I don't think I would have ever thought that my client cert didn't contain the CA, especially because when I clicked on the client cert that was installed in GrapheneOS, it showed me a summary that said it did contain a CA! grrrr

(tagging @one_knight_scripting@lemmy.world as he wanted to know the solution)

Having difficulty visiting an mTLS-authenticated website from GrapheneOS [SOLVED] in c/selfhosted@lemmy.world
[–] mike_wooskey@lemmy.thewooskeys.com 1 points 4 weeks ago

Wow! That sounds exactly like my issue. I'll try the workaround tomorrow. Thanks, @evkob@lemmy.ca.

Having difficulty visiting an mTLS-authenticated website from GrapheneOS [SOLVED] in c/selfhosted@lemmy.world
[–] mike_wooskey@lemmy.thewooskeys.com 2 points 4 weeks ago (3 children)

Thanks for your research and the suggestion, @Evkob@lemmy.ca.

I wasn't able to make that work, but I don't think it was trying to solve the problem I'm having, anyway. That procedure was to add self signed SSL certificate to Android, but my certificate is neither self-signed nor an SSL cert. At least I think not - I find certs very confusing. The cert I'm trying to work with is an mTLS cert, a client cert. It's not used to establish a secure SSL connections, it's used to verify that I (the person with the cert) and authorized to use the app.

Additionally, I'm able to successfully install the cert into Android, but the problem is that it seems to be ignored. The mTLS cert is installed in GrapheneOS's "VPN & App User Certificate" section, and my CA cert is installed in the "CA Certificate" section. Vanadium, Fennec, and Mull browsers just aren't using them. :(

29
Having difficulty visiting an mTLS-authenticated website from GrapheneOS [SOLVED] (lemmy.thewooskeys.com)
submitted 4 weeks ago* (last edited 3 weeks ago) by mike_wooskey@lemmy.thewooskeys.com to c/selfhosted@lemmy.world
9 comments fedilink
 

I host a website that uses mTLS for authentication. I created a client cert and installed it in Firefox on Linux, and when I visit the site for the first time, Firefox asks me to choose my cert and then I'm able to visit the site (and every subsequent visit to the site is successful without having to select the cert each time). This is all good.

But when I install that client cert into GrapheneOS (settings -> encryption & credentials -> install a certificate -> vpn & app user certificate), no browser app seems to recognize that it exists at all. Visiting the website from Vanadium, Fennec, or Mull browsers all return "ERR_BAD_SSL_CLIENT_AUTH_CERT" errors.

Does anyone have experience successfully using an mTLS cert in GrapheneOS?

[SOLVED] Thanks for the solution, @Evkob@lemmy.ca

48
Grrr! Stupid non-intuitive default settings! (lemmy.thewooskeys.com)
 

I got a new printer. Auto-discovered, added, and prints fine from Windows in 2 minutes. Auto discovered, added, and prints fine from OSX in 30 seconds. Auto-discovered and added on Linux, but trying to print results in "printer is unreachable at this time" - even after 50 re-installs, different configs, different drivers, different protocols.

I recognized that some computers were on different subnets, but couldn't figure out a pattern. It turns out that the printer has a setting called "Restricted Server List" and the default setting is null. Here's its description in the admin interface: "Comma-delimited list of IP addresses that are allowed to make TCP connections. Example: 157.184.0.0/24. where 0 is a wildcard and /24 is the network prefix."

It also has a setting called "Restricted Server List Options", set to block all ports by default. Here's its description: "By default, addresses not in the restricted server list will have all access blocked. When Block Printing Only is selected, addresses not in the restricted sever list will be blocked from printing only. When Block Printing and HTTP Only is selected, addresses not in the restricted server list will be blocked from printing and HTTP. "

Admin interface doesn't say this anywhere, but the default setting of no restricted servers apparently allows access from other networks, but not from the same network as the printer. I set the restricted servers to "192.168.132.0/24" and then I could access the printer admin web page and print to the printer from my Linux box, but not from any of the computers that were working before. So I set it to "192.168.0.0/16" and every computer on all subnets in my house can print and access the printer admin.

The default setting of no restricted servers was extremely non-intuitive in that it actually only restricted servers on the same subnet. And there was no such documentation.

What a crappy waste of 7 frickin' hours!

15
Question about autofill security (lemmy.thewooskeys.com)
 

I understand that if you have Bitwarden (or any password manager or browser) configured to autofill your password when it encounters a "password" field on a web form, an easy exploit is for the web form to have hidden form fields (e.g., address, phone, email, ssn) and your autofill app will fill in your info into those fields, even though you only wanted it to autofill the login.

But when you have autofill turned off and you click in a form's "login" field and select a login from Bitwrden's contextual menu, Bitwarden automatically also fills in the "Password" field. Does this mean that the exploit exists even if autofill is turned off, as long as you're using any form of an "auto-fill" function?

8
Compile errors with ESP32 Atom Echo (lemmy.thewooskeys.com)
submitted 3 months ago* (last edited 3 months ago) by mike_wooskey@lemmy.thewooskeys.com to c/homeassistant@lemmy.world
8 comments fedilink
 

Thanks to Smart Home Junkie's video (invidious link), I had my Atom Echos as voice recognition boxes with all audio output redirected to a media player of my choice (because the audio on the Echo is super quiet).

Whenever ESPHome updated, I updated my Echos to get the recent ESPHome updates, and then reinstalled the custom yaml for audio redirection.

However, with ESPHome's recent 2024.6.4 update, trying to install the yaml triggers errors that don't seem to make sense. For example, here's a section of the yaml:

microphone:
  - platform: i2s_audio
    id: echo_microphone_kitchen
    i2s_din_pin: GPIO23
    adc_type: external
    pdm: true

speaker:
  - platform: i2s_audio
    id: echo_speaker_kitchen
    i2s_dout_pin: GPIO21
    dac_type: external
    mode: mono

voice_assistant:
  id: va
  microphone: echo_microphone_kitchen
  speaker: echo_speaker_kitchen
  noise_suppression_level: 2
  auto_gain: 31dBFS
  volume_multiplier: 2.0
  vad_threshold: 3
  on_listening:
    - light.turn_on:
        id: led
        blue: 100%
        red: 0%
        green: 0%
        effect: "Slow Pulse"
  on_stt_vad_end:
    - light.turn_on:
        id: led
        blue: 100%
        red: 0%
        green: 0%
        effect: "Fast Pulse"
  on_tts_start:
    - light.turn_on:
        id: led
        blue: 100%
        red: 0%
        green: 0%
        brightness: 100%
        effect: none
  on_tts_end:
    - homeassistant.service:
        service: media_player.play_media
        data:
          entity_id: media_player.${media_player}
          media_content_id: !lambda 'return x;'
          media_content_type: music
          announce: "false"
  on_end:
    - delay: 100ms
    - wait_until:
        not:
          speaker.is_playing:
    - script.execute: reset_led
  on_error:
    - light.turn_on:
        id: led
        red: 100%
        green: 0%
        blue: 0%
        brightness: 100%
        effect: none
    - delay: 1s
    - script.execute: reset_led
  on_client_connected:
    - if:
        condition:
          switch.is_on: use_wake_word
        then:
          - voice_assistant.start_continuous:
          - script.execute: reset_led
  on_client_disconnected:
    - if:
        condition:
          switch.is_on: use_wake_word
        then:
          - voice_assistant.stop:
          - light.turn_off: led

external_components:
  - source: github://pr#5230
    components:
      - esp_adf
    refresh: 0s

esp_adf:

On lines 3 and 10 I define unique IDs for the device's microphone and speaker.

But ESPHome won't compile, telling me:

  • on line 46: Too many candidates found for 'id' type 'speaker::Speaker' Some are 'echo_speaker', 'echo_speaker_kitchen'.
  • on line 57: Too many candidates found for 'id' type 'speaker::Speaker' Some are 'echo_speaker', 'echo_speaker_kitchen'.
  • on line 77: Too many candidates found for 'id' type 'microphone::Microphone' Some are 'echo_microphone', 'echo_microphone_kitchen'.
  • on line 90: Too many candidates found for 'id' type 'speaker::Speaker' Some are 'echo_speaker', 'echo_speaker_kitchen'.

There are no other occurrences of the word "speaker" or "microphone" in the conf yaml (and I'm not including other yaml files).

I'm assuming most of this config is default, and the only things I care about are forcing pin 21 for the speaker (line 11) and redirecting audio to my media player (lines 45-52).

view more: next ›